General
Target: 2c9bb93dc2c9f841e58db43ba7dedd490cf7e0fd9e66c4b56a888e25e93a510c.zip
Size: 100KB
Sample: 250425-q5hsxaxmy7
MD5: 91be7f5d1087d80fef723f5bf2411e1b
SHA1: f4441e966869314e30e79f85a0a03b9216ae2eb3
SHA256: 77be13bdcebe3c287d776bcaa17baabb8e6733fd3f9b4936ed1b16a5e70f9864
SHA512: f96285537e605307636e468f2fec314bebf60613adfe3135062c2e032a457081eeece9e635f3999c23aaaf6d58085eaa0760764153902b3e11004b78e2c8ce2a
SSDEEP: 3072:sxSZBkZS0yfy5yv2j9eAiv7Gx467voBNJuwzOO:ESZBkkZ89ejh67vwNJuW
Behavioral task: behavioral1
Sample: 2c9bb93dc2c9f841e58db43ba7dedd490cf7e0fd9e66c4b56a888e25e93a510c.exe
Resource: win10v2004-20250314-en

Behavioral task: behavioral2
Sample: 2c9bb93dc2c9f841e58db43ba7dedd490cf7e0fd9e66c4b56a888e25e93a510c.exe
Resource: win11-20250410-en
Malware Config
Targets
Target: 2c9bb93dc2c9f841e58db43ba7dedd490cf7e0fd9e66c4b56a888e25e93a510c.exe
Size: 153KB
MD5: 41050b2b9f619cdd9916e3bdd5b9f2f9
SHA1: 4238bb0dbb97c3bcd11cfba3ea2614d72c85c4bd
SHA256: 2c9bb93dc2c9f841e58db43ba7dedd490cf7e0fd9e66c4b56a888e25e93a510c
SHA512: 1acda6c30b127e619f980720e846804055d795f79dc5f9645bbde4520b988fac1a3c34d3c9a12d002a72b36de05ce67f8bdaff4e93a4e32321261254ad96e00b
SSDEEP: 3072:H6glyuxE4GsUPnliByocWepjLW9lyNX0bzEvH32Qv:H6gDBGpvEByocWedq/VzFG
- Renames multiple (7614) files with an added filename extension. This suggests ransomware activity: the sample is encrypting files across the system and renaming each one with an appended extension. The rename count alone is a heuristic; confirm by checking that the renamed files were also rewritten (encrypted), not merely renamed.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence check so the sample can refuse to run in certain locales.
- Deletes itself.
- Executes dropped EXE.
- Drops desktop.ini file(s).
- Indicator Removal: File Deletion (MITRE ATT&CK T1070.004). Adversaries may delete files left behind by the actions of their intrusion activity; here this covers the self-deletion above.
- Suspicious use of NtSetInformationThread with ThreadHideFromDebugger. Setting this thread information class stops the thread from delivering debug events, so breakpoints placed in it by an attached debugger never fire; this is a common anti-analysis technique.
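The behaviours listed above can be turned into rules run over an API trace. The following is an added example, not the report's or the sandbox's own signature code. It assumes a simplified event format (pid, API name, arguments), the HKCU\Control Panel\International\Geo value "Nation" as the location lookup, THREADINFOCLASS 0x11 for ThreadHideFromDebugger, a demo rename threshold of 50 instead of the 7614 observed here, and a constructed trace in place of the real sample's; it scores mass renames with an appended extension, the geofence lookup, self-deletion via a spawned cmd.exe, and the anti-debug call in one pass.

```python
"""Triage rules over a sandbox API trace.

Added example: this is not the report's or the sandbox's own signature code.
It reimplements, in simplified form, four of the behaviours listed above:
mass renames with an appended extension, the registry lookup of the configured
country (geofence check), self-deletion, and
NtSetInformationThread(ThreadHideFromDebugger).  The event format, the
registry path, the thresholds and the sample trace are all assumptions
constructed for this example.
"""
import ntpath
import re
from collections import Counter, defaultdict

# THREADINFOCLASS ThreadHideFromDebugger == 17 (0x11).  Once set, the thread
# no longer delivers debug events, so breakpoints in it never fire.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Assumed location of the country lookup: HKCU\Control Panel\International\Geo,
# value "Nation" (a numeric GEOID for the configured country).
GEO_KEY_RE = re.compile(r"control panel\\international\\geo$", re.IGNORECASE)

# Demo threshold; the report counted 7614 renames for this sample.
MASS_RENAME_THRESHOLD = 50


def is_added_extension(src, dst):
    """True when dst is src with an extra extension appended in the same
    directory, e.g. report.docx -> report.docx.locked."""
    s_dir, s_name = ntpath.split(src)
    d_dir, d_name = ntpath.split(dst)
    return (s_dir.lower() == d_dir.lower()
            and d_name.lower().startswith(s_name.lower() + ".")
            and len(d_name) > len(s_name) + 1)


def triage(events, image_path, rename_threshold=MASS_RENAME_THRESHOLD):
    """Return {signature: [pid, ...]} for the behaviours found in `events`.

    Each event is {"pid": int, "api": str, "args": dict} (assumed format).
    """
    renames = Counter()
    findings = defaultdict(list)
    image = image_path.lower()
    for ev in events:
        pid, api, a = ev["pid"], ev["api"], ev.get("args", {})
        if api == "MoveFileExW" and is_added_extension(a["src"], a["dst"]):
            renames[pid] += 1
        elif (api == "RegQueryValueExW" and GEO_KEY_RE.search(a["key"])
              and a["value"].lower() == "nation"):
            findings["checks_location"].append(pid)
        elif (api == "NtSetInformationThread"
              and a.get("info_class") == THREAD_HIDE_FROM_DEBUGGER):
            findings["hide_from_debugger"].append(pid)
        elif api == "DeleteFileW" and a["path"].lower() == image:
            findings["deletes_itself"].append(pid)
        elif (api == "CreateProcessW" and image in a["cmdline"].lower()
              and re.search(r"\bdel\b", a["cmdline"], re.IGNORECASE)):
            # classic "cmd /c ping ... & del <self>" self-deletion after exit
            findings["deletes_itself"].append(pid)
    for pid, n in renames.items():
        if n >= rename_threshold:
            findings["mass_rename"].append((pid, n))
    return dict(findings)


SAMPLE_IMAGE = r"C:\Users\user\Desktop\sample.exe"


def constructed_trace():
    """Constructed sample trace (not captured from the real sample)."""
    ev = []
    for i in range(60):  # pid 4120 renames 60 documents, appending .locked
        src = rf"C:\Users\user\Documents\doc{i}.docx"
        ev.append({"pid": 4120, "api": "MoveFileExW",
                   "args": {"src": src, "dst": src + ".locked"}})
    for i in range(3):   # pid 900 finalises temp files: benign rename shape
        ev.append({"pid": 900, "api": "MoveFileExW",
                   "args": {"src": rf"C:\Users\user\Documents\~tmp{i}.tmp",
                            "dst": rf"C:\Users\user\Documents\doc{i}.docx"}})
    ev += [
        {"pid": 4120, "api": "RegQueryValueExW",
         "args": {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}},
        {"pid": 4120, "api": "NtSetInformationThread", "args": {"info_class": 0x11}},
        {"pid": 900, "api": "NtSetInformationThread", "args": {"info_class": 0x02}},  # ThreadPriority: benign
        {"pid": 4120, "api": "CreateProcessW",
         "args": {"cmdline": f'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "{SAMPLE_IMAGE}"'}},
    ]
    return ev


if __name__ == "__main__":
    for sig, hits in sorted(triage(constructed_trace(), SAMPLE_IMAGE).items()):
        print(f"{sig}: {hits}")
```

The rename rule deliberately keys on the same-directory, appended-extension shape rather than on rename volume alone, so an installer or editor that finalises many temp files does not trip it; the threshold is per process, which is why the benign pid 900 events above produce no finding.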